我有一个deploy用户。 我试图让它执行一些运营商,而不使用sudo,我可以input密码。
这是我的visudo :
# /etc/sudoers # This file MUST be edited with the 'visudo' command as root. # See the man page for details on how to write a sudoers file. Defaults env_reset # Host alias specification # User alias specification # Cmnd alias specification # User privilege specification root ALL=(ALL) ALL # Uncomment to allow members of group sudo to not need a password # (Note that later entries override this, so you might need to move # it further down) # %sudo ALL=NOPASSWD: ALL %team ALL=(ALL) ALL # Members of the admin group may gain root privileges %admin ALL=(ALL) ALL # ubuntu user is default user in ec2-images. # It needs passwordless sudo functionality. ubuntu ALL=(ALL) NOPASSWD:ALL Cmnd_Alias DEPLOY= /home/deploy/.rbenv/shims/foreman, /sbin/start, /sbin/stop, /sbin/restart, /bin/mv deploy ALL=(ALL) NOPASSWD:DEPLOY
这里是deploy所在的位置:
ec2 ~: groups deploy deploy : deploy team
我试图移动一些文件到/etc ,它没有工作。
我在Ubuntu 10.04 LTS 64位。
谢谢!
mv xxx / etc
即使你指定你在/etc/sudoers文件中做了什么,你仍然需要在你的mv命令中运行sudo。
但是你应该做的是允许部署运行一个特定的脚本来执行mv操作,但不允许任意的mv命令。